Description:
Multiple vulnerabilities were reported in Apache HTTPD. A remote user can access or modify session data. A remote user can cause the target service to crash. A remote user can conduct HTTP response splitting attacks.

The server does not strictly parse HTTP header data [CVE-2016-8743]. A remote user can submit a specially crafted URL to cause the target server to return a split response. A remote user can exploit this to spoof content on the target server, attempt to poison any intermediate web caches, or conduct cross-site scripting attacks.